Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Hub and Spoke VPN

To: [email protected]
Subject: Re: [FW-1] Hub and Spoke VPN
From: Don <[email protected]>
Date: Thu, 31 Jan 2002 17:12:35 -0500
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

> put a pc with a bunch of routing statements behind the firewall and use it
> as your central router. at each spoke reference this pc as your gateway
> to the other spoke-nets and you should be ok.
This PC is going to receive traffic from a remote network from the
firewall. It is then going to attempt to route it back through the
firewall. This should result in an ICMP redirect to the firewall that
tells it that it is in fact the next hop.

More likely, the firewall will have to have routes to the other networks
and it will attempt to forward the traffic before it ever gets to the
internal PC. CheckPoint will decrypt the packet, attempt to route it
and never re-encrypt it.

Finally, with routing you are only supposed to specify the next hop. You
can not tell a system that the path to XYZ network is through that router
over there (Three hops away).

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Hub and Spoke VPN
  - From: Peter Papadopoulos <[email protected]>

Prev by Date: Re: [FW-1] Question about Rainwall
Next by Date: Re: [FW-1] Running "fw" commands from cron under NG on Solaris!
Previous by thread: Re: [FW-1] Hub and Spoke VPN
Next by thread: Re: [FW-1] Hub and Spoke VPN
Index(es):
- Date
- Thread